On 5 November 2015 at 06:23, Adam D. Barratt <a...@adam-barratt.org.uk> wrote: > Do you have an estimate of how many packages that would be? I looked at > the output of "dak rm -Rn -s stable golang" and made various sad faces.
That sad face is 100% warranted. :( I don't know the number off-hand, but I imagine it's pretty large by now. > (Also, do -dev packages that are architecture-dependent also need > rebuilding? I wasn't clear from your description, but for instance: > > golang-websocket-dev | 0.0~git20140119-1 | stable | amd64, > armel, armhf, i386 > golang-websocket-dev | 0.0~git20150811.0.b6ab76f-1 | testing | all > golang-websocket-dev | 0.0~git20150811.0.b6ab76f-1 | unstable | all > ) Right -- I meant -dev packages which are arch:all, since they're going to just be full of .go files. Any that aren't _probably_ contain a binary, and thus would need a rebuild (or a maintainer made a mistake and it's really supposed to be an arch:all package, but I don't think we've got many of those left). >> To Salvatore's comment, I'd be happy to update to include the fix for >> that too if RT is OK with it. :) (Meanwhile will work on getting a >> fix for it into unstable.) > > It doesn't look like that happened yet? (Or the Security Tracker hasn't > been updated.) I think this is a case of the security tracker not being updated: | golang (2:1.4.3-1) unstable; urgency=medium | | * New upstream version (https://golang.org/doc/devel/release.html#go1.4.minor) | - includes previous CVE and non-CVE security fixes, especially | TEMP-0000000-1C4729 | | -- Tianon Gravi <tia...@debian.org> Fri, 25 Sep 2015 00:02:31 -0700 (Upstream made a 1.4.3 release that is 1.4.2 + CVE and security fixes.) ♥, - Tianon 4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
